They can't just sift through it, that's the fun of GDPR. They would need a specific reason and even if they did rules state under GDPR that the individual involved must be asked for their approval first. However, you have this Data Protection Act 2018 - Criminal Offences | The Crown Prosecution ServiceOf course they would have no reason to request unless an offence had been committed or serious accident happened. I don't believe there would be an automatic harvesting of data to expose an offence. Well, not just yet anyway ...
What is the LED?
Part 3 of the DPA 2018 transposes the EU Data Protection Directive 2016/680 (Law Enforcement Directive) into domestic UK law and sets out the requirements for the processing of personal data for criminal ‘law enforcement purposes’.
Which leads to this:
Guide to Law Enforcement Processing
At a glance
Part 3 only applies to competent authorities (or their processors) processing for criminal law enforcement purposes.
Part 3 only applies to competent authorities processing for law enforcement purposes. So, it applies, but is not limited, to:
the police, criminal courts, prisons, non-policing law enforcement; and
any other body that has statutory functions to exercise public authority or public powers for any of the law enforcement purposes.
So it's quite hard to use our data for any other purpose unless anonymized or they have our consent, or falls under the above sections
Sent from my SM-N976B using Tapatalk